summaryrefslogtreecommitdiffstats
path: root/src/man
Commit message (Collapse)AuthorAgeFilesLines
* MAN: Fix a typo in the ldap_id_mapping pageJakub Hrozek2014-06-041-1/+1
| | | | Reviewed-by: Pavel Reichl <preichl@redhat.com>
* MAN: Add reference to manual page sssd-sudoLukas Slebodnik2014-06-032-0/+37
| | | | Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* PAM: add ignore_authinfo_unavail optionLukas Slebodnik2014-06-031-0/+14
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2232 Reviewed-by: Sumit Bose <sbose@redhat.com>
* MAN: hint nested groups by simple access providerPavel Reichl2014-06-022-1/+22
| | | | | | | | | | | sssd-ldap hints to use the simple access provider if a nested group membership is needed. Add explicit notice in sssd-simple about support of nested group membership. Resolves: https://fedorahosted.org/sssd/ticket/2308 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* NSS: Add option to expand homedir template formatLukas Slebodnik2014-06-025-0/+28
| | | | | | | | | LDAP server can contain template for home directory instead of plain string. This patch adds new expand option "%H", which will be replaced with value from configuration option homedir_substring (from sssd.conf) Resolves: https://fedorahosted.org/sssd/ticket/1853
* SDAP: Add option to disable use of Token-GroupsPavel Reichl2014-06-021-0/+14
| | | | | | | | | | | Disabling use of Token-Groups is mandatory if expansion of nested groups is not desired (ldap_group_nesting_level = 0) for AD provider. Resolves: https://fedorahosted.org/sssd/ticket/2294 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: Detailed ldap_group_nesting_level optionPavel Reichl2014-06-021-0/+16
| | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2294 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* TOOLS: Allow adding and modifying custom attributes with sss_usermodJakub Hrozek2014-06-011-0/+36
| | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2182 Adds three new options to the sss_usermod tool: --addattr --setattr --delattr The syntax is attrname=val1,val2, For example: sss_usermod --addattr=phone-123-456 tuser The operations are performed in the order of add, mod, del. Reviewed-by: Michal Židek <mzidek@redhat.com>
* man: clarify refresh_expired_intervalPavel Březina2014-06-011-3/+7
| | | | | | https://fedorahosted.org/sssd/ticket/2114 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* Updating the translations for the 1.12 beta1 releasesssd-1_12_0_beta1sssd-1_11_91sssd-1_11_90Jakub Hrozek2014-05-3016-22311/+31039
|
* MAN: Add sssd-ifp to the list of translatable manual pagesJakub Hrozek2014-05-301-0/+1
| | | | Reviewed-by: Michal Židek <mzidek@redhat.com>
* man: Substitute entity values for entity referencesLukas Slebodnik2014-05-301-1/+1
| | | | | | | | | | | Validation of xml files failed with new version of libxml2 (CVE-2014-0191) make[2]: Entering directory `/builddir/build/BUILD/sssd-1.9.2/src/man' /usr/bin/xmllint --catalogs --postvalid --nonet --xinclude --noout sss_usermod.8.xml sss_usermod.8.xml:4: element reference: validity error : No declaration for element reference sss_usermod.8.xml:5: element title: validity error : No declaration for element title Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IFP: Per-attribute ACL for usersJakub Hrozek2014-05-131-0/+62
| | | | | | | | | | | Introduces a new option called user_attributes that allows to specify which user attributes are allowed to be queried from the IFP responder. By default only the default POSIX set is allowed, this option allows to either add other attributes (+attrname) or remove them from the default set (-attrname). Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* Implemented LDAP component of GPO-based access controlYassir Elley2014-05-131-0/+64
| | | | | Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IFP: use a list of allowed_uids for authenticationJakub Hrozek2014-05-131-0/+32
| | | | | | | | Similar to the PAC responder, the InfoPipe uses a list of UIDs that are allowed to communicate with the IFP responder. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Stef Walter <stefw@redhat.com>
* LDAP: Make it possible to extend an attribute mapJakub Hrozek2014-05-021-0/+48
| | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2073 This commit adds a new option ldap_user_extra_attrs that is unset by default. When set, the option contains a list of LDAP attributes the LDAP provider would download and store in addition to the usual set. The list can either contain LDAP attribute names only, or colon-separated tuples of LDAP attribute and SSSD cache attribute name. In case only LDAP attribute name is specified, the attribute is saved to the cache verbatim. Using a custom SSSD attribute name might be required by environments that configure several SSSD domains with different LDAP schemas. Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* ad_access_filter man page typoYassir Elley2014-04-171-1/+1
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* IFP: Re-add the InfoPipe serverJakub Hrozek2014-04-044-1/+61
| | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2072 This commit only adds the responder and the needed plumbing. No DBus related code is in yet.
* MAN: minimal value expected for ldap_idmap_range_sizePavel Reichl2014-03-201-0/+16
| | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/1451 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: Option name typo in sssd-krb5Pavel Reichl2014-03-141-1/+1
| | | | | | From krb5ccache_dir to krb5_ccachedir Reviewed-by: Sumit Bose <sbose@redhat.com>
* PAM: add ignore_unknown_user optionPete Fritchman2014-03-141-0/+13
| | | | | | https://fedorahosted.org/sssd/ticket/2232 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: new general options sectionPavel Reichl2014-03-131-39/+62
| | | | | | | | | | Some options are relevant to multiple sections of sssd.conf. This patch adds new sections for those. Resolves: https://fedorahosted.org/sssd/ticket/2218 Reviewed-by: Sumit Bose <sbose@redhat.com>
* MAN: Clarify the GC support a bitJakub Hrozek2014-03-111-5/+13
| | | | | | | | | It should be noted that disabling GC does *not* disable lookups from trusted domains. Disabling GC might be a a good way for admins who wish to use POSIX attributes in trusted domains and the man page should hint this option. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SUDO: AD providerSumit Bose2014-03-022-6/+15
| | | | | | | | | | | | | | This patch adds the sudo target to the AD provider. The main reason is to cover different default settings in the LDAP and AD provider. E.g. the default for ldap_id_mapping is True in the AD provider and False in the LDAP provider. If ldap_id_mapping was not set explicitly in the config file both components worked with different setting. Fixes https://fedorahosted.org/sssd/ticket/2256 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* MAN: Clarify that changing ID mapping options might require purging the cacheJakub Hrozek2014-02-261-0/+42
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2252 Currently SSSD chokes when IDs of users change, we don't support ID changes yet. Because some users were confused about the failures, this patch adds additional clarification. Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* MAN: Clarify the ldap_access_filter option furtherJakub Hrozek2014-02-261-4/+5
| | | | | | | | | | https://fedorahosted.org/sssd/ticket/2235 The memberof example was misleading and was making aministrators think that the ldap_access_filter can resolve nested group memberships. Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* Translation: Move german translation to right directoryLukas Slebodnik2014-02-182-1/+11053
| | | | | | | | | po/de.po -> src/man/po/de.po Resolves: https://fedorahosted.org/sssd/ticket/2225 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: Clarify the new krb5_use_fast IPA defaultJakub Hrozek2014-02-172-1/+35
|
* MAN: update of subdomain_homedir usagePavel Reichl2014-02-051-1/+2
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/2169
* MAN: clarify which shell option takes precedenceJakub Hrozek2014-01-291-6/+7
|
* MAN: Fix a typoJakub Hrozek2014-01-201-1/+1
|
* AD: Add a new option to turn off GC lookupsJakub Hrozek2013-12-191-0/+17
| | | | | | | | | | SSSD now defaults to using GC by default. For some environments, for instance those that don't or can't replicate the POSIX attributes to Global Catalog, this might not be desirable. This patch introduces a new option ad_enable_gc, that is enabled by default. Setting this option to false makes the SSSD contact only the LDAP port of AD DCs.
* Add new option ldap_group_typeSumit Bose2013-12-191-0/+21
|
* MAN: Remove unused experimental fileJakub Hrozek2013-12-042-36/+0
|
* MAN: Add a link explaining different LDAP scopesJakub Hrozek2013-12-041-2/+6
|
* AD: Fix a typo in the man pageJakub Hrozek2013-11-271-1/+1
| | | | https://fedorahosted.org/sssd/ticket/2154
* nss: check for Well-Known SIDs in SID based requestsSumit Bose2013-11-151-0/+35
|
* Add ldap_autofs_map_master_name optionCove Schneider2013-11-121-0/+13
|
* confdb: Make offline timeout configurableMichal Zidek2013-11-071-0/+15
| | | | | | | Added and documented option offline_timeout. Resolves: https://fedorahosted.org/sssd/ticket/1718
* MAN: Document that krb5 directories can only be created as privateJakub Hrozek2013-10-291-10/+3
|
* AD: Add extended access filterJakub Hrozek2013-10-251-3/+38
| | | | | | | https://fedorahosted.org/sssd/ticket/2082 Adds a new option that allows the admin to specify a LDAP access filter that can be applied globally, per-domain or per-forest.
* AD: Add a new option ad_access_filterJakub Hrozek2013-10-251-0/+24
| | | | | | | This patch just adds the option, it doesn't do anything useful yet. Related: https://fedorahosted.org/sssd/ticket/2082
* MAN: Fix refsect-idJakub Hrozek2013-10-115-5/+5
| | | | | | The refsect id was copied from sssd.conf(5) and was wrong. Fixing the refsect might help us if we ever generate other formats from XML and certainly wouldn't hurt.
* MAN: Reflow debug_levels.xmlStephen Gallagher2013-10-071-13/+20
| | | | | | Many lines in debug_levels.xml violated our line-length conventsions. This patch provides no functional changes, it simply brings those lines into compliance.
* MAN: Clarify debug level documentationStephen Gallagher2013-10-071-6/+20
| | | | | | | Originally, we planned to deprecate the decimal values for the debug levels, but that has proven to be too difficult for most users to understand. Instead, we will document both the simple decimal and complex bitmask values and recommend the use of the decimal values.
* MAN: Document that POSIX attributes must be replicated to GCJakub Hrozek2013-09-271-0/+5
| | | | | | Currently the AD provider relies on the presence of the POSIX attributes in the Global Catalog. This patch mentiones the fact in the sssd-ad(5) manual page.
* man: server side password policies always takes precedencePavel Březina2013-09-241-0/+5
| | | | https://fedorahosted.org/sssd/ticket/2091
* man: improve sssd-sudo manual pagePavel Březina2013-09-201-2/+22
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/2085
* LDAP: Deprecate ldap_{user,group}_search_filterJakub Hrozek2013-09-201-44/+0
|
* MAN: Fix provider man page subtitleJakub Hrozek2013-09-205-5/+5
|
generated by cgit (git 2.34.1) at 2024-06-20 15:51:52 +0000